OK, I’m blind. The first option does report data, albeit truncated so I missed it. The second dumps it as a list which in my test case was too big for even me to miss. :)

--
There are 10 kinds of people in the world... those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Tuesday, April 25, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Get group membership through powershell

I’ve never had a problem with net user /domain or net group /domain, although the output format isn’t particularly handy if you’re trying to manipulate the results. That said, are you sure you’re using the correct syntax?

This will return the user info with no membership info:

    Get-ADUser -Identity testuser -Properties memberOf

But this will return the membership info as expected:

    $info = Get-ADUser -Identity testuser -Properties memberOf
    $info.memberOf

--
There are 10 kinds of people in the world... those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Russ
Sent: Tuesday, April 25, 2017 1:55 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Get group membership through powershell

OK - is there a way that you know of to use a command line tool to pull that information accurately? It seems like if a cmdlet is inaccurate, it is pretty useless.

On Mon, Apr 24, 2017 at 3:02 PM, Brian Desmond <br...@briandesmond.com> wrote:

MemberOf is a constructed attribute which the cmdlets may not be requesting correctly or at all. ADUC makes specific calls to AD to get that data.

Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Russ
Sent: Monday, April 24, 2017 4:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Get group membership through powershell

I've often used powershell to get the groups that a user is a member of by using get-adprincipalgroupmembership. It's always worked to my knowledge. However, I've found one group which doesn't show up for anyone - so I was curious if anyone has run into this before.

If I run get-adgroupmember for the group, everyone shows up who should be there, but if I try to run the reverse on any of the users who are a member of the group, it doesn't show up - it just returns "domain users". If I try get-aduser with -properties "memberof", nothing shows up for that property at all (not even domain users, but I think that's normal?).

If you go into ADUC and look up the user, the two groups (this one, and domain users) show up just fine. Does anyone know of a circumstance why this wouldn't return a value?
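
Added example, not part of the original thread: a PowerShell function that lists one user's groups side by side from the three sources the thread compares (the memberOf values on the user, a search on the groups' member attribute, and Get-ADPrincipalGroupMembership), so a group missing from one view stands out. It assumes the ActiveDirectory module is installed and uses the thread's sample account testuser; the function name Compare-UserGroupViews is hypothetical.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Compare-UserGroupViews {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties memberOf, primaryGroupID

    # View 1: memberOf values returned on the user object.
    $fromMemberOf = @($user.memberOf)

    # View 2: groups whose member attribute holds the user's DN.
    # Escape characters that are special in an LDAP filter value (RFC 4515).
    # Note: this search only covers the default domain partition.
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'
    $fromMember = @(Get-ADGroup -LDAPFilter "(member=$dn)" |
                    Select-Object -ExpandProperty DistinguishedName)

    # View 3: what Get-ADPrincipalGroupMembership reports.
    $fromCmdlet = @(Get-ADPrincipalGroupMembership -Identity $user |
                    Select-Object -ExpandProperty DistinguishedName)

    # Primary group: stored as a RID in primaryGroupID, not as a member/memberOf link.
    $primarySid = "$($user.SID.AccountDomainSid)-$($user.primaryGroupID)"
    $primary    = (Get-ADGroup -Identity $primarySid).DistinguishedName

    # One row per group, with a flag for each view that contains it.
    $all = $fromMemberOf + $fromMember + $fromCmdlet + $primary | Sort-Object -Unique
    foreach ($g in $all) {
        [pscustomobject]@{
            Group          = $g
            MemberOf       = $fromMemberOf -contains $g
            MemberFilter   = $fromMember   -contains $g
            PrincipalGroup = $fromCmdlet   -contains $g
            IsPrimary      = $g -eq $primary
        }
    }
}

# -Wrap keeps long DNs from being truncated in the console output.
Compare-UserGroupViews -Identity testuser | Format-Table -AutoSize -Wrap
```

A row that is True under MemberFilter but False under MemberOf or PrincipalGroup identifies the group that the reverse lookup is not returning for that user.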